Recently security researchers Talal Haj Bakry and Tommy Mysk (via Forbes) discovered risk associated with the clipboard for iPhone, iPad and Mac.
This security issue allows for malicious applications "Hold" any copied data on the clipboard. As you can imagine, it is a very serious problem.
According to Apple, copy and paste functionality is more common, but there seems to be security breaches that could affect users IOS, iPadOS and macOS.
It may interest you | Larry Tesler, an Apple employee who invented cutting, copying and pasting, recently passed away
The vulnerability affects iPhone, iPad and Mac
It was initially thought that this security breach only affects the iPhone and iPad. But apparently it goes beyond mobile devices and it's also available on Mac.
"We revealed in our text that Universal Clipboard could also be affected by this vulnerability to check what users are copying on their Mac."
This can be a very important issue, since copy and paste usage is very common on an iOS or IPOS device, but it is much higher on a Mac.
As Apple explains, users can use Universal Clipboard to copy and paste content between different devices. That is, you can copy text, pictures, photos and videos on the iPhone and attach it to iPad or Mac.
In this pair of tweets shared on Twitter by Tommy Mysk (@mysk_co) Talk about being vulnerable by adding a few recorded videos from the screen of your iPad and your Mac:
Friends!
Not the only KlipboardSpy photos can steal.
Because of the expressions that appear @MayaErgas, we've added a video that shows how KlipboardSpy on an iPad or iPhone can steal text from Mac by checking in on Universal Clipboard
Read the full article at https://t.co/IzHClZxFw1 pic.twitter.com/IXEmuSnzAn
– Mysk (@mysk_co) February 26, 2020
In his tweets, a security researcher announces that vulnerability is not only allowed by a malicious software to steal images, but can steal data as well. identify your location for local services. All of this thanks to a demo app called KlipboardSpy.
Because of these interruptions, a malicious attacker can create an application like KlipboardSpy to steal data that has been copied to your iPhone, iPad or Mac clipboard and then accesses the metadata attached to the image taken from the device.
From Apple they are analyzing the problem and are not worried
According to investigators, they shared their findings with Apple on January 2, 2020. They explained that, after analyzing their report, Apple reported that "They saw no problem with this threat". Missed, they also contacted the bite company but they did not respond.
For this vulnerability to affect the device, a malicious application must be running behind. Researchers have acknowledged their use in the Vista Today widget and watched the problem escalate.
"Malicious apps may run the risk of getting the user's location, even if that user has blocked the location sharing option for that app."
The warning that security researchers Talal Haj Bakry and Tommy Mysk gave Apple urged the company to remove unauthorized access to the clipboard. They can do so through the privacy settings of the latest iOS or iPadOS applications. Alternatively, there may be another solution to this security problem restrict access to the clipboard when the user performs the task of pasting content.
It is important to say that this is only a power Security That is, no case was found when an attacker stole data from a user's locker with a malicious application. However, researchers have indicated that the threat still exists, and it may be only a matter of time before such an app can enter the App Store.
Hopefully Apple will respond and fix the security issue with security on future versions of iOS, iPadOS and / or macOS. We will always be aware of possible developments. What do you think of this curious and dangerous security problem on the iPhone, iPad and Mac?
